Best way to implement authentication and authorization for a sharepoint 2010 website

0
votes

I come across different authentication methods in Sharepoint 2010. The sharepoint website we are develpoing as of now is Intranet. Later we are planning to move it to Internet(Public) site. What will be the best way to implement authentication and authorization for our website.

If windows authentication(Classic mode authentication) is default for a sharepoint website (2010) , I have a few questions ragarding windows authentication.

1) In case of windows authentication, where should we maintain users?

2) In case of windows authentication, how are the users created?

3) In case of windows authentication, how can I perform authorization.

If we want to use FBA(Form based authentication) in sharepoint 2010, I have a few questions ragarding FBA in sharepoint 2010.

1) In case of FBA(using Claim based authentication) , if we want to use custom database(where we are storing user details and roles) rather than bulitin SQL membership provider, how can we achieve this?

Can anyone provide some useful resources to implement authentication(Windows or FBA or dual) and authorization for a sharepoint 2010 website with sample code?

Please reply ASAP.

1
sharepoint

1 Answers

1
votes

I would suggest that you use windows authentication for the intranet scenario based on the assumption that there is windows network with an active directory. In that case the users are created and maintained in the active directory of the windows network. To enrich the users with certain properties you might want to run with windows authentication and create custom claims provider. This would give you the opportunity to keep the user management in active directory and have a separate store (e.g. a custom database) for additional information. Steve Peschka wrote an excellent blog on how to write a custom claims provider.

This solution would be the simple approach. You could also look at running ADFS 2.0 and write a custom provider.

For a public avaiable site windows authentication is not an option. So in that case you might be want to check out ADFS but that will include a major in the general infrastructure if login from inside the company should be handled in the same way as from outside the company. More simple alternative include using OpenID or LiveID for the public site while login from inside the company is done with windows login.

Kr., Bernd.